OTBLS Standalone Affirm Direct API Page
======================================

What this package is
--------------------
This is a small, standalone PHP integration for an older site. It avoids build tools, frameworks, modern JavaScript, and database requirements.

Included files
--------------
affirm-financing.php        Public page with the three stateroom choices and customer form.
affirm-confirm.php          Receives the Affirm checkout_token and authorizes the transaction server-side.
affirm-cancel.php           Handles a customer closing/canceling the Affirm flow.
affirm-common.php           Products, order storage helpers, and Affirm API helpers.
affirm-config.example.php   Copy this to affirm-config.php and add your live settings.
affirm-orders/              JSON order records. Protect this folder from public access.

Security first
--------------
1. Rotate the production private API key in the Affirm dashboard before going live. A private key was pasted into chat, so treat it as exposed.
2. Never put the private key in browser JavaScript, HTML, CSS, or a public repo.
3. The public API key can appear in browser JavaScript.
4. Keep affirm-config.php and affirm-orders/ protected.
5. If possible, move AFFIRM_ORDER_DIR outside the public web root.

Install steps
-------------
1. Upload this folder to your website, for example:
   /affirm/

2. Copy:
   affirm-config.example.php
   to:
   affirm-config.php

3. Edit affirm-config.php:
   - Set AFFIRM_PRIVATE_API_KEY to your rotated production private key.
   - Confirm AFFIRM_PUBLIC_API_KEY is correct.
   - Set AFFIRM_BASE_URL to the exact public folder URL.
     Example: https://otbls.com/affirm
   - Leave AFFIRM_AUTO_CAPTURE as false unless you want to capture immediately.

4. Make sure the server can write to affirm-orders/.
   If your host has a file manager, set permissions so PHP can create JSON files.
   Common permissions: 750 or 755 for the folder, depending on your host.

5. Visit the page:
   https://otbls.com/affirm/affirm-financing.php

6. Run a complete test before sending the page to guests.
   For testing, use Affirm sandbox keys and sandbox URLs first if your account has them.

How the flow works
------------------
1. Guest chooses Veranda, Interior, or Oceanview Stateroom.
2. Guest enters contact/billing information.
3. The page creates a local JSON order record.
4. The browser opens Affirm using Affirm.js.
5. Affirm returns a checkout_token to affirm-confirm.php.
6. affirm-confirm.php uses your server-side private key to authorize the checkout token.
7. The code validates that Affirm's authorized amount matches the selected package price.
8. By default, the status becomes authorized_pending_capture.

Capture behavior
----------------
AFFIRM_AUTO_CAPTURE is false by default.

That means the transaction is authorized, but not captured. This is safer for cruise/travel packages because your team can confirm cabin availability, guest details, and reservation requirements before collecting funds.

If you set AFFIRM_AUTO_CAPTURE to true, affirm-confirm.php will try to capture immediately after authorization.

24-month financing note
-----------------------
The page sends guests into your Affirm checkout flow. Actual terms shown to the guest, including 24-month financing, depend on the financing programs enabled by Affirm for your merchant account and the applicant's approval.

Travel metadata note
--------------------
Affirm documentation says travel merchants must include itinerary metadata. This package includes a simple cruise itinerary placeholder. Ask your Affirm implementation contact whether they need additional fields such as ship name, departure port, return port, sailing dates, traveler count, or cancellation policy details.

Products configured
-------------------
Veranda Stateroom    $4,500.00
Interior Stateroom   $2,875.00
Oceanview Stateroom  $3,250.00

Images/descriptions
-------------------
Product images and descriptions were pulled from the Temptation Cruises stateroom source page you provided. Host the images locally if you want to avoid depending on their CDN or image paths.

Troubleshooting
---------------
If the confirmation page says PHP cURL is missing:
- Ask the host to enable PHP cURL.

If authorization fails:
- Confirm affirm-config.php has the rotated private key.
- Confirm AFFIRM_API_BASE_URL is production or sandbox to match the key type.
- Confirm the checkout_token reached affirm-confirm.php.
- Review the order JSON file in affirm-orders/.

If the Affirm modal does not open:
- Confirm the Affirm JS URL is reachable.
- Confirm AFFIRM_PUBLIC_API_KEY is set.
- Open the browser console for JavaScript errors.

If monthly promotional pricing does not display:
- Confirm Affirm promotional messaging is enabled for your account.
- Confirm the public API key matches the environment.
- It is safe to proceed even if the promotional line is blank; the checkout modal is the actual financing flow.
